Warner is now focusing on fighting cyber-crime full-time and on training a new generation of network forensics investigators. "You wouldn't believe the looks on their eyes the first time they got an e-mail back from a Webmaster saying, 'Thanks for letting me know. I just shut that down.'"

When he spoke with IDG News, it was five days after final exams at the University of Alabama at Birmingham and though it would have no effect on their marks, four students were still coming into the labs to help shut down phishers.

"That idea that as a private citizen, you can help, that's the kind of thing we're trying to inspire," he said.

The Future of Phish-busting

At the University, Warner is building up a 256-node supercomputer which could eventually become the largest collection of spam email on the planet, processing as many as 100 million email messages per day and providing researchers and law enforcement with valuable analysis data.

For Warner, the work isn't so much a job, as it is his moral responsibility as a computer scientist. "One of the things that really bothered me from the very beginning was people who were using my field to attack other people," he said. "The way I see it, this is our Internet. I'm going to stand at the end of my driveway and protect what's mine."

He says that his anti-phishing work hardly feels like work at all. "This is what I like to do," he said. "It's cheaper than golf, and you can do it when the weather's bad."

What You Can Do to Protect Yourself

"The best people that help law enforcement have no motive other than to catch the bad guy," said one law enforcement official who declined to be identified because he hadn't been authorized to speak with the press.

But even if you're not a cyber sleuth, if you get hit by a computer criminal there are some things you can do to help police catch the criminal. What you should do depends a little bit on the crime. If you're the victim of identity theft, it's worth filing a report with state and local police so that you have a record of the crime.

That comes in handy later, in case you need to prove that it was the thief, and not you, that incurred any subsequent charges. Another good place to stop is the Federal Trade Commission (FTC) site, which has a variety of tools to help identity theft victims get organized and set their credit back on track. And if things get really bad, the Social Security Administration can help you, too. This site has instructions on how to report social security fraud and get a new social security number.

You can file a report with the FTC, but if you want your data to be used to catch the bad guys, the Internet Crime Complaint Center (IC3) is a better bet. Run in part by the FBI, the IC3 data is used regularly by law enforcement to link together large schemes. The more factual data you can report about your crime, the more useful it will be to police. Sometimes a single fax number or eBay ID can help crack open an entire case.

The FBI is most interested in crimes that involve malicious software, phishing, and child pornography. Spam and auction fraud get a lower priority and, worse, if you're the victim of an auction fraud, the odds of you ever getting your money back are very low.

Still, if you're rigorous about documenting the crime, and you fill out that IC3 complaint, you just may be helping to bring down your criminal -- some day.